description | title | ms.date | ms.assetid |
---|---|---|---|
Learn more about: <messageSenderAuthentication> element |
<messageSenderAuthentication> element |
03/30/2017 |
8d979dfc-a6f9-42ec-96d5-7fbc13a48118 |
Specifies authentication options for peer-to-peer message senders.
For more information about peer-to-peer programming, see Peer-to-Peer Networking.
<configuration>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior>
<clientCredentials>
<peer>
<messageSenderAuthentication>
<messageSenderAuthentication customCertificateValidatorType= "namespace.typeName, [,AssemblyName] [,Version=version number] [,Culture=culture] [,PublicKeyToken=token]"
certificateValidationMode = "ChainTrust/None/PeerTrust/PeerOrChainTrust/Custom"
revocationMode="NoCheck/Online/Offline"
trustedStoreLocation="CurrentUser/LocalMachine" />
The following sections describe attributes, child elements, and parent elements
Attribute | Description |
---|---|
customCertificateValidatorType |
A type and assembly used to validate a custom type. This attribute must be set when certificateValidationMode is set to Custom . |
certificateValidationMode |
Specifies one of three modes used to validate credentials. If set to Custom , then a customCertificateValidator must also be supplied. |
revocationMode |
One of the modes used to check for a revoked certificate lists (CRL). |
trustedStoreLocation |
One of the two system store locations: LocalMachine or CurrentUser . This value is used when a service certificate is negotiated to the client. Validation is performed against the Trusted People store in the specified store location. |
Value | Description |
---|---|
String | Optional. Specifies the type name and assembly and other data used to find the type. At minimum, a namespace and type name are required. Optional information includes: assembly name, version number, culture, and public key token. |
Value | Description |
---|---|
Enumeration | Optional. One of the following values: None , PeerTrust , ChainTrust , PeerOrChainTrust , Custom . The default is ChainTrust . The default is ChainTrust .For more information, see Working with Certificates. |
Value | Description |
---|---|
Enumeration | One of the following values: NoCheck , Online , Offline . The default is Online .For more information, see Working with Certificates. |
Value | Description |
---|---|
Enumeration | One of the following values: LocalMachine or CurrentUser . The default is CurrentUser . If the client application is running under a system account then the certificate is typically under LocalMachine . If the client application is running under a user account then the certificate is typically in CurrentUser . The default is CurrentUser . |
None.
Element | Description |
---|---|
<peer> | Specifies a credential used for authenticating the client to a peer service. |
This element must be configured if message authentication is chosen. For output channels, each message is signed using the certificate provided by <certificate>. All messages, before delivered to the application, are checked against the message credential using the validator specified by the customCertificateValidatorType
attribute of this element. The validator can either accept or reject the credential.
The following code sets the message sender validation mode to PeerOrChainTrust
.
<behaviors>
<endpointBehaviors>
<behavior name="MyEndpointBehavior">
<clientCredentials>
<peer>
<certificate findValue="www.contoso.com"
storeLocation="LocalMachine"
x509FindType="FindByIssuerName" />
<messageSenderAuthentication certificateValidationMode="PeerOrChainTrust" />
<messageSenderAuthentication certificateValidationMode="None" />
</peer>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
- xref:System.ServiceModel.Security.X509PeerCertificateAuthentication
- xref:System.ServiceModel.Security.PeerCredential.MessageSenderAuthentication%2A
- xref:System.ServiceModel.Configuration.PeerCredentialElement.MessageSenderAuthentication%2A
- xref:System.ServiceModel.Configuration.X509PeerCertificateAuthenticationElement
- Working with Certificates
- Peer-to-Peer Networking
- Peer Channel Message Authentication
- Peer Channel Custom Authentication
- Securing Peer Channel Applications